Terms of Reference for Working Group 5: Security 

Approved at ITS#02 

Responsibility

Working Group 5 shall be responsible for:

  • Conducting studies leading to deliverables on Security; 
  • Assuring ITS solutions conform to regulatory requirements for privacy, data protection, lawful interception and data retention; 
  • Management and co-ordination of the development of security specifications for ITS communication and data; 
  • Investigation of security services and mechanisms required for providing ITS services over the Internet; 
  • Development of security analyses of candidate protocols and network elements to be used within the ITS framework to implement capabilities, e.g., EMTEL aspects, IPv6 migration, keying strategies and methods;
  • Tracking ongoing worldwide security activities of interest to ITS (notably in ISO TC204).

Working Group 5 shall undertake activities including, but not restricted to:

  • Determine and document the objectives and priorities for ITS security taking into account the needs and aspirations of users, operators, regulators and manufacturers (primarily building a secure Service Capability invocation and protection model). 
  • Accommodate, as far as is practicable, any regional regulatory requirements in security objectives. This includes regional regulatory requirements that are related to the processing of personal data and privacy. 
  • Ensure that a threat analysis for ITS is conducted and maintained as the feature set being standardised grows. 
  • Detail the security requirements for ITS to include, but not necessarily be limited to, security requirements for services, user access to services, billing and accounting, operations and maintenance, and fraud control. 
  • Detail the security requirements for the physical elements of ITS deployments to include, but not necessarily be limited to, security requirements for the access network, the core network and its interfaces to legacy networks and terminals. 
  • Define a security architecture for ITS which will satisfy the security requirements and align with the ITS system architecture. 
  • Produce specifications for: 

     o All the elements in the security architecture.
     o Operations and management of the security elements.
     o Any cryptographic algorithms needed for the security elements.

  • Ensure the availability of any cryptographic algorithms which need to be part of the common specifications (via SAGE for example). 
  • Define how the specifications for the security elements are to be integrated into the access network, core network, terminal, O&M and other relevant specifications produced for ITS, and to assist with that integration.
  • Detail the requirements for lawful interception in ITS, and produce all specifications needed to meet those requirements. This work shall be performed in conjunction with TC LI to ensure handover capabilities exist sufficient to support the intercepted material.
  • Produce a time and milestones plan for the introduction of the various elements of the security architecture which is in line with the development of other relevant elements of ITS. 
  • Produce guidelines on the use of the ITS security elements, including any requirements for operator specific algorithms. 
  • Produce guidelines on the limitations of ITS security, and of the implications of not activating the security elements that are provided.

In addition, security services and mechanisms for providing services over the Internet will continue to be investigated. It is important to realize that security for open networks and for interoperability is challenging.